NatSys Lab. Deep Packet Inspection (DPI)

Jun 10, 2015

NatSys Lab. Deep Packet Inspection (DPI) solution for on-line advertising with active redirects, Web analysis, user flow control, Data Leakage Protection (DLP), etc.

Use Cases

● On-line advertising with active redirects

● Market research

● User flow control

● Data Leakage Protection (DLP)

● Intellectual Web-content filtering

● Intrusion detection and prevention

Deep Packet Inspection (DPI)

● Software solution for commodity x86-64 hardware

● Analyzes and modifies traffic at 10 Gbps on the network, transport and application layers

● Generates clickstream in Cisco RDR or custom BER formats

● Includes a user profile storage and management module

Operation Modes

DPI can operate in the following modes:

● inline – the system works as a common Linux router which can actively filter and modify traffic on all layers

● active sniffer – the system can analyze traffic and generate clickstream as well as DNS and HTTP redirects

Inline Operation Mode (user flow control case)

Fault Tolerance in Inline Mode

DPI inline mode achieves fault tolerance using the following technologies:

● bypass network adapters

● or standard Linux router failover

Active Sniffer Operation Mode (Web analytics case)

Advertising Redirects

DPI can redirect user requests depending on:

● user settings (once per N seconds or requests)

● matching of the request URI against a set of regular expressions

● 400 or 500 HTTP errors

● absence of a corresponding DNS record

● a custom policy loaded at run time from the Policy Server

Redirect in Inline Mode

Redirect in Active Sniffer Mode

Flow Control

● DPI works as a common Linux router with traffic control

● Limits traffic by TCP/UDP ports and/or IPv4/IPv6 addresses and sub-networks

● The control policy can be updated by the Policy Server at run time

Clickstream

● DPI can send or store an extract of user traffic depending on custom rules

● The rules can specify values of particular HTTP headers or user addresses

● Flexible configuration of traffic extraction (clickstream)

● Traffic extraction can be compressed on-the-fly